Cybercriminals are exploiting browser notifications as a new phishing vector using the Matrix Push C2 platform to deliver malicious links and commands. This browser-native, fileless approach allows cross-platform, stealthy attacks that bypass traditional security controls. #MatrixPushC2 #Velociraptor #Phishing
Keypoints
- Attackers use social engineering to trick users into allowing browser notifications from malicious or compromised websites.
- The Matrix Push C2 platform enables threat actors to send convincing, fake alerts that appear to come from trusted brands.
- This method is platform-independent, turning any browser-enabled device into a potential target.
- Threat actors can customize notifications, track victims, and monitor campaign effectiveness through a web dashboard.
- Using tools like Velociraptor, attackers are escalating attacks after initial access, conducting reconnaissance and exploiting known vulnerabilities.
Read More: https://thehackernews.com/2025/11/matrix-push-c2-uses-browser.html